On 26 Jan 2002, Perry E. Metzger wrote: > > "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> writes: < . . . . > > > C'mon, depending on "is-ness" is exactly the same cat-and-mouse game > > as authentication technologies that depend on "have-ness" and > > "know-ness" attributes. > > I have no idea what the heck you're talking about there. Perhaps you > do, perhaps not. < . . . . > I took 'have-ness' to mean a token, smartcard, i-Button, little gizmo that gens a new number every 60 sec, dongle, whatever; the thread being some physical matter thing like a key. 'Know-ness' I ascribed to passwords, passphrases, things that are known or can be divined from one's internal resources; an epistemological sort of thing.
I have heard people say that security can be based on either a) something that you know, b) something that you have, or c) something that you are; usually I have heard this 'security-divided-into-three-parts' idea in the preamble to a sales pitch for something from either b) or c). Without think about it some more, I don't know whether to place the entire notion of security controls based on biometric telemetry in with _pure_ bullshit like copy protection, watermarking, non-repudiation, tamper proofing, or trusted third parties. Admittedly, there is a lot of bullshit in the idea, I'm just not sure it is pure. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
